The week in breach news

North America

Google

Google warned its 2.5 billion Gmail users to strengthen account protections following a just announced June 2025 data breach involving one of its third-party Salesforce systems.

The breach, linked to the extortion group ShinyHunters, occurred after attackers successfully executed a vishing attack to trick an employee into granting them access.  The bad actors then infiltrated a corporate Salesforce instance containing contact information and sales notes for small and midsize businesses.

Google stressed that the incident did not expose users’ financial data. The company also claims the compromised information was limited to business names and contact details, much of it already public.

ShinyHunters also recently conducted similar attacks on several other major corporations using the Salesforce exploit, including TransUnion this week and Farmers Insurance last week.

North America

The City of Baltimore

The City of Baltimore lost more than $1.5 million to a business email compromise (BEC) scam after a fraudster tricked employees into changing a contractor’s bank account information.

Investigators just announced that in December 2024, an unspecified attacker submitted a fraudulent supplier contact form using the name of a legitimate company employee to gain access to the vendor’s Workday account. The impersonated individual did not have access to financial systems, and the email provided was not company-issued. Still, an accounts payable employee failed to verify the identity with the vendor.

The fraudster submitted multiple requests to switch bank account details, which were approved by two employees. Baltimore then made two payments in February and March 2025, one for $800,000 and another for $721,000. The city recovered the smaller payment after the recipient’s bank flagged suspicious activity.

This marks at least the third vendor fraud incident to strike Baltimore’s government since 2019.

North America

TransUnion

TransUnion disclosed a data breach impacting nearly 4.5 million people, according to a filing with the Maine Attorney General’s Office. The incident occurred on July 28, 2025 and was discovered two days later.

Hackers gained access through a third-party app used in TransUnion’s consumer support operations, although the company said its core credit database was not compromised. Stolen data includes names, birthdates, Social Security numbers, contact details, transaction reasons and support messages.

Attackers claim to have taken over 13 million records, with 4.4 million tied to U.S. consumers. The breach is linked to a wave of Salesforce-related attacks, reportedly led by the extortion group ShinyHunters, which exploited malicious integrations to steal sensitive records across multiple industries.

European Union

Auchan

French retail giant Auchan disclosed a cyberattack that compromised the loyalty accounts of several hundred thousand customers, according to a report by Agence France-Presse (AFP).

The stolen data includes names, email and postal addresses, phone numbers and loyalty card numbers, the company confirmed. Auchan stressed that no banking details, passwords or loyalty card PIN codes were exposed.

The company said the incident has been contained and that affected customers, along with France’s data watchdog CNIL, have been notified. Belgian customer information may also have been impacted.

North America

Manpower

Milwaukee-based ManpowerGroup confirmed a data breach affecting 144,189 people at one of its Lansing, Mich., franchises. The incident, which occurred between December 29, 2024, and January 12, 2025, involved a ransomware attack that exfiltrated client personal information.

While Manpower confirmed names and basic personal details were compromised, the attackers claim to have obtained more sensitive data, including passport scans, Social Security numbers, financial records and HR analytics.

European Union

Miljödata

A ransomware attack on Miljödata, a software provider serving a large number of Sweden’s municipalities, has affected around 200 organizations,

Miljödata’s systems, including its Adato platform, manage municipal operations related to long-term sick leave, work-related injuries and other HR functions. Karlstad University said it was notified of the attack on Monday, August 25. While its own IT systems appear secure, personal data shared with Adato may have been exposed.

Swedish police reported that attackers demanded a ransom of 1.5 bitcoins (approximately 1.5 million Swedish korenor or US $165,000) from Miljödata.

North America

Health Services LLC

Health Services LLC, a franchise operator of Miracle Ear, announced a data breach potentially affecting up to 90,133 individuals

The security incident was identified on January 28, 2025, following detection of suspicious network activity. A forensic investigation revealed that an unauthorized actor had accessed the company’s network between January 2 and January 28, 2025.

A data review completed on May 14, 2025, confirmed that the exposed information included full names, phone numbers, email and postal addresses, dates of birth, patient ID numbers, Social Security numbers and health insurance information. Diagnosis and treatment details were also snatched. Health Services LLC is notifying affected individuals and taking steps to secure its systems.